diff --git a/Dockerfile.rpmbuild b/Dockerfile.rpmbuild new file mode 100644 index 0000000..eff391f --- /dev/null +++ b/Dockerfile.rpmbuild @@ -0,0 +1,65 @@ +# syntax=docker/dockerfile:1 +FROM fedora:42 + +# Minimal toolchain + rpm build tools + python build deps. +# NOTE: rpmbuild does NOT auto-install BuildRequires. Since we're building +# directly in a container (not via mock), we install the macro packages too. +RUN set -eux; dnf -y update; dnf -y install rpm-build rpmdevtools redhat-rpm-config gcc make findutils tar gzip rsync python3 python3-devel python3-setuptools python3-wheel pyproject-rpm-macros python3-rpm-macros openssl-devel ; dnf -y clean all + +# Build runner script (copies repo, tars, runs rpmbuild) +RUN set -eux; cat > /usr/local/bin/build-rpm <<'EOF' +#!/usr/bin/env bash +set -euo pipefail + +SRC="${SRC:-/src}" +WORKROOT="${WORKROOT:-/work}" +OUT="${OUT:-/out}" + +mkdir -p "${WORKROOT}" "${OUT}" +WORK="${WORKROOT}/src" +rm -rf "${WORK}" +mkdir -p "${WORK}" + +rsync -a --delete \ + --exclude '.git' \ + --exclude '.venv' \ + --exclude 'dist' \ + --exclude 'build' \ + --exclude '__pycache__' \ + --exclude '.pytest_cache' \ + --exclude '.mypy_cache' \ + "${SRC}/" "${WORK}/" + +cd "${WORK}" + +# Determine version from pyproject.toml unless provided +if [ -n "${VERSION:-}" ]; then + ver="${VERSION}" +else + ver="$(grep -m1 '^version = ' pyproject.toml | sed -E 's/version = "([^"]+)".*/\1/')" +fi + +TOPDIR="${WORKROOT}/rpmbuild" +mkdir -p "${TOPDIR}"/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS} + +tarball="${TOPDIR}/SOURCES/bouquin-sqlcipher4-${ver}.tar.gz" +tar -czf "${tarball}" --transform "s#^#bouquin-sqlcipher4/#" . + +spec_src="rpm/bouquin-sqlcipher4.spec" + +cp -v "${spec_src}" "${TOPDIR}/SPECS/bouquin-sqlcipher4.spec" + +rpmbuild -ba "${TOPDIR}/SPECS/bouquin-sqlcipher4.spec" \ + --define "_topdir ${TOPDIR}" \ + --define "upstream_version ${ver}" + +shopt -s nullglob +cp -v "${TOPDIR}"/RPMS/*/*.rpm "${OUT}/" || true +cp -v "${TOPDIR}"/SRPMS/*.src.rpm "${OUT}/" || true +echo "Artifacts copied to ${OUT}" +EOF + +RUN chmod +x /usr/local/bin/build-rpm + +WORKDIR /work +ENTRYPOINT ["/usr/local/bin/build-rpm"] diff --git a/release.sh b/release.sh index 38b01fd..8775dc9 100755 --- a/release.sh +++ b/release.sh @@ -6,7 +6,7 @@ set -eo pipefail filedust -y . mkdir -p src/sqlcipher -cd sqlcipher && ./configure && make sqlite3.c && cp sqlite3.[ch] ../src/sqlcipher/ +cd sqlcipher && ./configure && make sqlite3.c && cp sqlite3.[ch] ../src/sqlcipher/ && cd ../ # Publish to Pypi poetry build @@ -39,5 +39,29 @@ for dist in ${DISTS[@]}; do bouquin-sqlcipher4-deb:${release} debfile=$(ls -1 dist/${release}/*.deb) - #reprepro -b /home/user/git/repo includedeb "${release}" "${debfile}" + reprepro -b /home/user/git/repo includedeb "${release}" "${debfile}" done + +# RPM +sudo apt-get -y install createrepo-c rpm +docker build -f Dockerfile.rpmbuild -t bouquin-sqlcipher4-rpm:f42 --progress=plain . +docker run --rm -v "$PWD":/src -v "$PWD/dist/rpm":/out bouquin-sqlcipher4-rpm:f42 +REPO_ROOT="${HOME}/git/repo_rpm" +RPM_REPO="${REPO_ROOT}/rpm/x86_64" +BUILD_OUTPUT="${HOME}/git/bouquin-sqlcipher4/dist" +REMOTE="letessier.mig5.net:/opt/repo_rpm" +KEYID="00AE817C24A10C2540461A9C1D7CDE0234DB458D" + +echo "==> Updating RPM repo..." +mkdir -p "$RPM_REPO" +cp "${BUILD_OUTPUT}/rpm/"*.rpm "$RPM_REPO/" + +createrepo_c "$RPM_REPO" + +echo "==> Signing repomd.xml..." +qubes-gpg-client --local-user "$KEYID" --detach-sign --armor "$RPM_REPO/repodata/repomd.xml" > "$RPM_REPO/repodata/repomd.xml.asc" + +echo "==> Syncing repo to server..." +rsync -aHPvz --exclude=.git --delete "$REPO_ROOT/" "$REMOTE/" + +echo "Done!" diff --git a/rpm/bouquin-sqlcipher4.spec b/rpm/bouquin-sqlcipher4.spec new file mode 100644 index 0000000..2101c23 --- /dev/null +++ b/rpm/bouquin-sqlcipher4.spec @@ -0,0 +1,77 @@ +# Fedora 42 RPM spec using Fedora's pyproject RPM macros. +# +# IMPORTANT: your upstream pyproject.toml declares Poetry as the build backend +# and lists build-system requires such as conan and lipomerge. Debian packaging +# disables PEP517 and builds via setup.py. +# +# To keep the RPM build closer to Debian while still using %pyproject_* macros, +# this spec rewrites ONLY the [build-system] table at %prep time so that +# PEP517 uses setuptools.build_meta with minimal requirements. +# +# If you prefer zero PEP517 involvement, use the "-setup.spec" instead. +%global upstream_version 4.12.0 + +Name: bouquin-sqlcipher4 +Version: %{upstream_version} +Release: 1%{?dist}.bouquin1 +Summary: SQLCipher 4-backed sqlcipher module (Bouquin fork) + +License: MIT +URL: https://git.mig5.net/mig5/bouquin-sqlcipher4 +Source0: %{name}-%{version}.tar.gz + +BuildRequires: gcc +BuildRequires: make +BuildRequires: redhat-rpm-config +BuildRequires: openssl-devel + +BuildRequires: pyproject-rpm-macros +BuildRequires: python3-devel + +Provides: python3-sqlcipher4 = %{version}-%{release} + +%description +Provides the `sqlcipher4` Python module compiled against a bundled SQLCipher 4 +amalgamation, suitable for use by Bouquin. Built for internal distribution. + +%prep +%autosetup -n bouquin-sqlcipher4 + +# Keep Python dist metadata in sync with the RPM Version. +sed -ri 's/version="[^"]+"/version="%{version}"/' setup.py + +# Rewrite [build-system] to avoid Poetry backend + non-packaged build requirements. +%{python3} - <<'PY' +from pathlib import Path +import re +p = Path("pyproject.toml") +txt = p.read_text(encoding="utf-8") +pat = re.compile(r'(?ms)^\[build-system\]\n.*?(?=^\[|\Z)') +replacement = ( + "[build-system]\n" + "requires = [\"setuptools>=45\", \"wheel\"]\n" + "build-backend = \"setuptools.build_meta\"\n\n" +) +p.write_text(pat.sub(replacement, txt), encoding="utf-8") +PY + +%generate_buildrequires +export BOUQUIN_SYSTEM_OPENSSL=1 +%pyproject_buildrequires + +%build +export BOUQUIN_SYSTEM_OPENSSL=1 +%pyproject_wheel + +%install +export BOUQUIN_SYSTEM_OPENSSL=1 +%pyproject_install +%pyproject_save_files sqlcipher4 + +%files -f %{pyproject_files} +%license LICENSE +%doc README.md + +%changelog +* Wed Dec 24 2025 Miguel Jacq - %{upstream_version} +- New release